There is much chatter on using the Blockchain to enable sovereign control of a person's identity. We see pressure in the US on Facebook with the reported 87 million users' data compromised. We see companies globally working to meet the strict guidelines outlined by the upcoming GDPR. Can blockchain technology help us manage data? Many say no. What is the role of the blockchain and sovereign data?

Blockchains are databases. Sure they can be used to manage data work-flows in companies and differentiate transactions between entities (employees, customers, people, etc). Regarding the GDPR, I think that blockchains can assign an almanac of input work-flow from all entities.

However, it is not central to the GDPR thesis that data owners control their assets? If this is the case, don’t distributed ledgers solve for this? Blockchains enable the user to be the primary owner and DIRECT controller of their data. Intermediaries are eliminated.

I don’t think laws or regulation2 endeavors to establish control, as much as, they want to incentivize ethical engagement. GDPR established rights for reasonable debate. Blockchains can help identify owners, intermediaries, and people are needed to monitor inherently buggy code.

I also don’t think that operational ownership is the objective, whereas, legal ownership is. Blockchain’s ability to identify all transactions provides the abilities to legal authority to retaliate against deemed fraudulent or flagrant use of one’s natural resource (data).

The benefit of blockchains are their ability to provide truthful streams if data on all sort of interactions. I particularly like this because a stream of data can be leveraged as an asset to distribute derivative value; and further, allocate it to the people who are owed value.

So I understand by this that GDPR’s goal is strategic: to establish a framework for the rights of data owners. Your contention is that blockchain may serve as a tactical solution for some of these issues?

Yes, it definitely can be. In many cases blockchain will offer more efficient and effective solutions for corporate operational work-flows and for future automation of those work-flows. After all, the objective of org process design is “error-proofing” and eventually automation.

Here is the inherent conflict between GDPR and the Blockchain. It is CRUD vs CRAB architecture. CRUD stands for Create-Read-Update-Delete which facilitates GDPR. Instead, operations on blockchain are CRAB: Create-Retrieve-Append-Burn. You cannot delete transactions.

There are ways of completely erase data in the off-chain storage. However, “the benefit of transparency with blockchain is reduced. By storing your data off-chain, you have no way of knowing for sure who accessed your data, and who has access to your data.”

Blockchain strengths data-ownership and transparency; however, it seems that the manner in which GDPR is formulated, we cannot store data directly on the blockchain since in GDPR terms ‘it is not erasable’.

I like the theoretical paradox, but I don’t think that the right to erasure is of maximum benefit when enforces to erase data, as much as it is agency over data transactions and warrants indemnification for retaliation of deemed flagrant or fraudulent use.

The Right to Erasure while at the center of Europe’s GDPR wouldn’t work itself in the United States because of the 1st Amendment’s right to free speech, but is a great provocateur towards what we really want: Ownership.

Owning the asset as it moves is the great equalizer in my opinion, not privacy or transparency. That stated, I’m am concerned that erasability could stifle blockchain development in the EU, even as Europeans have ben great leaders over the past decade.

All I’m optimistic and think that the investment has to be rooted in educating businesses and the public that data policies and crypto technologies should keep the objective of ownership and protection, not privacy or security per se. Security is a culture and privacy is aloof.